Home Office is seeking new ways to obtain GP data on patients

The Home Office is in discussion with NHS Digital over a new agreement to allow it to access GP patient data, after NHS Digital pulled out of the previous deal.

The data-sharing agreement, known as the memorandum of understanding (MoU), was first introduced in January 2017, but put on pause for review back in May, before NHS Digital withdrew completely at the beginning on this month.

A new deal could be on the horizon however, with the two parties currently in talks over a 'new MoU' to enable requests for 'non-medical information about those facing deportation action'.

Meanwhile, the MoU was legally challenged by the Migrants’ Rights Network – represented by human rights organisation Liberty and Matrix Chambers - which said it violated patient confidentiality and discriminated against non-British patients.

On 2 November, the Migrants’ Rights Network said it received a letter from the court, stating that NHS Digital had withdrawn from the data-sharing agreement, a victory it claims was the result of the legal battle.

Lara Ten Caten, a lawyer working for Liberty's campaign, said: ‘This stand-down by the Government is a huge victory for everyone who believes we should be able to access healthcare safely – and particularly for doctors and nurses who had become complicit in the Government’s hostile environment against their will.’

However, NHS Digital told Pulse that it is working with the Home Office to create a new MoU, and will run a consultation - to understand if it would be in the ‘public interest' - before signing the new agreement.

NHS Digital explained it ‘received a revised narrowed request from the Home Office’ which ‘calls upon a different legal basis for data sharing which will require a materially different MoU’.

A spokesperson said: ‘Given this, and the expectation that it will take several more months to conclude consultation and drafting, and our recognition that multiple stakeholder communities are anxious to ensure that the agreement of 9 May is respected, we have formally closed-out our participation in the exiting MoU, which has been paused since May.

‘If our assessment of the new request, post consultation, is that it is in the public interest to share the requested data, then we will sign a new MoU with the Home Office.’

A Home Office spokesperson added: ‘We continue to work with NHS Digital on a new MoU to enable us to make requests for non-medical information about those facing deportation action because they have committed serious crimes, or where information is necessary to protect someone's welfare.’

Chair of Doctors in Unite and Tower Hamlets GP Dr Jackie Applebee said: 'The MoU undermined one of the most fundamental pillars in the doctor/patient relationship and that is trust. It is great news for GPs and patients that they can resume confidential partnerships which is the bedrock of good clinical care.'

But she added: 'It is very disappointing to hear that hot on the heels of the Liberty victory that the Home Office and NHS Digital are continuing to develop a new MoU. It is very worrying that they clearly learned nothing from the windrush affair and persist in fostering the hostile environment.'

Readers' comments (8)

They do this as they know the majority of people register with a doctor and so they will pick up people who are here illegally this way. So the only way to do this ethically is to make sure all people are aware their personal contact details will be made available to the police and immigration service if they register with a doctor. Unfortunately this will then deter people from registering.
The only other way is to be deceitful and not inform people that we do this.
Either way it puts us in a very difficult position. The fundamental principle of confidentiality should prevail and we cannot allow the state access to this information. As data controllers the GP can formally complain to the ICO that the Home Office is in breach of the law, regardless of any MoU, and taking data from a data controller without consent.

Interestingly it has always been a principle that we will not give over this sort of information to the police unless there was a significant danger to the patient or public. Breaking this principle would put us on the wrong side of the ICO and GMC no matter what MoU the police had with the anybody. The case for the Home Office having access is much weaker and so would also put us in serious jeopardy with the ICO and the GMC.

We we think we are not data controllers in principle anymore the profession needs to make that clear to the ICO. Perhaps we stop all computerised notes and go back to Lloyd George notes until it is sorted. A thought... we could have a practice based code for all patient contact details so the SystmOne contact details are only readable with the code which we keep control of. The Home Office would have to beat the code word and codebook out of you.

When the Government took over the payment of the GP Computer systems voices were heard saying that any Government would not be able to keep their sticky mitts off the juicy data held on those computers.

The NHS has all the data on computer held by EMIS/etc. Why don't they cut the GP/middle man out and go direct to them with the request. I wonder what their reaction would be to breaching confidentiality?

" If the police do not have a court order or warrant they may ask for a patient’s health records to be disclosed voluntarily under section 35 of the DPA 2018. However, while health professionals have the power to disclose the records to the police, there is no obligation to do so. In such cases health professionals may only disclose information where the patient has given consent, or there is an overriding public interest.
"In this context a disclosure in the public interest is a disclosure that is essential to prevent a serious threat to public health, national security, the life of the individual or a third party, or to prevent or detect serious crime. This includes crimes such as murder, manslaughter, rape, treason, kidnapping and abuse of children or other vulnerable people. Serious harm to the security of the state or to public order and serious fraud will also fall into this category. In contrast, theft, minor fraud or damage to property, where loss or damage is less substantial, would generally not justify the breach of confidence necessary to make the disclosure.

"Health professionals should be aware that they risk criticism, and even legal liability, if they fail to take action to avoid serious harm being caused to others. Guidance should be sought from the Caldicott guardian, or defence body where there is any doubt as to whether disclosure should take place in the public interest."